idnits 2.17.1

draft-ietf-radext-rfc2621bis-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 15.
  -- Found old boilerplate from RFC 3978, Section 5.5 on line 922.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 899.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 906.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 912.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to
     RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == The 'Updates: ' line in the draft header should list only the _numbers_
     of the RFCs which will be updated by this document (if approved); it
     should not include the word 'RFC' in the list.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 470 has weird spacing: '...invalid authe...'

  == Line 631 has weird spacing: '...invalid authe...'
  (Using the creation date from RFC2621, updated by this document, for
  RFC5378 checks: 1997-08-26)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (August 30, 2005) is 6813 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 4001' is mentioned on line 109, but not defined

  == Unused Reference: 'RFC3418' is defined on line 857, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415)

  ** Downref: Normative reference to an Informational RFC: RFC 3410

  -- Obsolete informational reference (is this intentional?): RFC 2621
     (Obsoleted by RFC 4671)

     Summary: 6 errors (**), 0 flaws (~~), 7 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                          D. Nelson
3    Internet-Draft                                        Enterasys Networks
4    Updates: RFC 2621 (if approved)                          August 30, 2005
5    Expires: March 3, 2006

7                        RADIUS Acct Server MIB (IPv6)
8                     draft-ietf-radext-rfc2621bis-00.txt

10   Status of this Memo

12      By submitting this Internet-Draft, each author represents that any
13      applicable patent or other IPR claims of which he or she is aware
14      have been or will be disclosed, and any of which he or she becomes
15      aware will be disclosed, in accordance with Section 6 of BCP 79.

17      Internet-Drafts are working documents of the Internet Engineering
18      Task Force (IETF), its areas, and its working groups. Note that
19      other groups may also distribute working documents as Internet-
20      Drafts.

22      Internet-Drafts are draft documents valid for a maximum of six months
23      and may be updated, replaced, or obsoleted by other documents at any
24      time. It is inappropriate to use Internet-Drafts as reference
25      material or to cite them other than as "work in progress."

27      The list of current Internet-Drafts can be accessed at
28      http://www.ietf.org/ietf/1id-abstracts.txt.

30      The list of Internet-Draft Shadow Directories can be accessed at
31      http://www.ietf.org/shadow.html.

33      This Internet-Draft will expire on March 3, 2006.

35   Copyright Notice

37      Copyright (C) The Internet Society (2005).

39   Abstract

41      This memo updates RFC 2621 by deprecating the MIB table containing
42      IPv4-only address formats and defining a new table to add support for
43      version neutral IP address formats.

45   Table of Contents

47      1.  Terminology
48      2.  Introduction
49      3.  The Internet-Standard Management Framework
50      4.  Scope of Changes
51      5.  Structure of the MIB Module
52      6.  Deprecated Objects
53      7.  Definitions
54      8.  IANA Considerations
55      9.  Security Considerations
56      10. References
57        10.1.  Normative References
58        10.2.  Informative References
59      Appendix A.  Acknowledgments
60      Author's Address
61      Intellectual Property and Copyright Statements

63   1. Terminology

65      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
66      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
67      document are to be interpreted as described in RFC 2119 [RFC2119].

69      This document uses terminology from RFC 2866 [RFC2866].

71   2. Introduction

73      This memo defines a portion of the Management Information Base (MIB)
74      for use with network management protocols in the Internet community.
75      The objects defined within this memo relate to the Remote
76      Authentication Dial-In User Service (RADIUS) Accounting Server as
77      defined in RFC 2866 [RFC2866].

79   3. The Internet-Standard Management Framework

81      For a detailed overview of the documents that describe the current
82      Internet-Standard Management Framework, please refer to section 7 of
83      RFC 3410 [RFC3410].

85      Managed objects are accessed via a virtual information store, termed
86      the Management Information Base or MIB. MIB objects are generally
87      accessed through the Simple Network Management Protocol (SNMP).
88      Objects in the MIB are defined using the mechanisms defined in the
89      Structure of Management Information (SMI). This memo specifies a MIB
90      module that is compliant to the SMIv2, which is described in STD 58,
91      RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
92      [RFC2580].

94   4. Scope of Changes

96      This document updates RFC 2621 [RFC2621], RADIUS Accounting Server
97      MIB, by deprecating the radiusAccClientTable table and adding a new
98      table, radiusAccClientExtTable, containing
99      radiusAccClientInetAddressType and radiusAccClientInetAddress. The
100     purpose of these added MIB objects is to support version neutral IP
101     addressing formats. The existing table containing
102     radiusAccClientAddress is deprecated.

104     RFC 4001 [RFC4001], which defines the SMI Textual Conventions for
105     version neutral IP addresses, contains the following recommendation.

107     'In particular, when revising a MIB module that contains IPv4
108     specific tables, it is suggested to define new tables using the
109     textual conventions defined in this memo [RFC 4001] that support all
110     versions of IP. The status of the new tables SHOULD be "current",
111     whereas the status of the old IP version specific tables SHOULD be
112     changed to "deprecated". The other approach, of having multiple
113     similar tables for different IP versions, is strongly discouraged.'

115  5. Structure of the MIB Module

117     The structure of the MIB Module defined in this memo corresponds to
118     the structure of the MIB Module defined in RADIUS Accounting Server
119     MIB, RFC 2621 [RFC2621]. This MIB module contains thirteen scalars
120     as well as a single table, the RADIUS Accounting Client Table, which
121     contains one row for each RADIUS accounting client with which the
122     server shares a secret.

124     Each entry in the RADIUS Accounting Client Table includes twelve
125     columns presenting a view of the activity of the RADIUS accounting
126     server.

128  6. Deprecated Objects

130     The deprecated table in this MIB is carried forward from RFC 2621
131     [RFC2621]. There are two conditions under which it MAY be desirable
132     for managed entities to continue to support the deprecated table:

134     1. The managed entity only supports IPv4 address formats.
135     2. The managed entity supports both IPv4 and IPv6 address formats,
136        and the deprecated table is supported for backwards compatibility
137        with older management stations. This option SHOULD only be used
138        when the IP addresses in the new table are in IPv4 format and can
139        accurately be represented in both the new table and the
140        deprecated table.

142     Managed entities SHOULD NOT instantiate the deprecated table
143     containing IPv4-only address objects when the RADIUS server address
144     represented in the table row is not an IPv4 address. Managed
145     entities SHOULD NOT return inaccurate values of IP address or SNMP
146     object access errors for IPv4-only address objects in otherwise
147     populated tables.

149  7. Definitions

151  4. Definitions
152  RADIUS-ACCT-SERVER-MIB DEFINITIONS ::= BEGIN

154  IMPORTS
155      MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
156      Counter32, Integer32,
157      IpAddress, TimeTicks, mib-2      FROM SNMPv2-SMI
158      SnmpAdminString                  FROM SNMP-FRAMEWORK-MIB
159      InetAddressType, InetAddress     FROM INET-ADDRESS-MIB
160      MODULE-COMPLIANCE, OBJECT-GROUP  FROM SNMPv2-CONF;

162  radiusAccServMIB MODULE-IDENTITY
163      LAST-UPDATED "200508300000Z" -- 30 Aug 2005
164      ORGANIZATION "IETF RADIUS Extensions Working Group."
165      CONTACT-INFO
166          " Bernard Aboba
167            Microsoft
168            One Microsoft Way
169            Redmond, WA 98052
170            US
171            Phone: +1 425 936 6605
172            EMail: bernarda@microsoft.com"
173      DESCRIPTION
174          "The MIB module for entities implementing the server
175          side of the Remote Authentication Dial-In User
176          Service (RADIUS) accounting protocol."
177      REVISION "9906110000Z" -- 11 Jun 1999
178      DESCRIPTION "Initial version as published in RFC 2621"
179      REVISION "200508300000Z" -- 30 Aug 2005
180      DESCRIPTION "Revised version as published in RFC xxxx."

182  -- RFC Editor: replace xxxx with actual RFC number at the time of
183  -- publication, and remove this note.

185      ::= { radiusAccounting 1 }

187  radiusMIB OBJECT-IDENTITY
188      STATUS current
189      DESCRIPTION
190          "The OID assigned to RADIUS MIB work by the IANA."
191      ::= { mib-2 67 }

193  radiusAccServExtMIB OBJECT-IDENTITY
194      STATUS current
195      DESCRIPTION
196          "The OID assigned to RADIUS Extensions MIB
197          work by the IANA."
198      ::= { mib-2 TBA }

200  -- RFC Editor: replace TBA with IANA assigned OID value, and
201  -- remove this note.

203  radiusAccounting OBJECT IDENTIFIER ::= {radiusMIB 2}

205  radiusAccServMIBObjects OBJECT IDENTIFIER
206      ::= { radiusAccServMIB 1 }

208  radiusAccServExtMIBObjects OBJECT IDENTIFIER
209      ::= { radiusAccServExtMIB 1 }

211  radiusAccServ OBJECT IDENTIFIER
212      ::= { radiusAccServMIBObjects 1 }

214  radiusAccServExt OBJECT IDENTIFIER
215      ::= { radiusAccServExtMIBObjects 1 }

217  radiusAccServIdent OBJECT-TYPE
218      SYNTAX SnmpAdminString
219      MAX-ACCESS read-only
220      STATUS current
221      DESCRIPTION
222          "The implementation identification string for the
223          RADIUS accounting server software in use on the
224          system, for example; `FNS-2.1'"
225      ::= {radiusAccServ 1}

227  radiusAccServUpTime OBJECT-TYPE
228      SYNTAX TimeTicks
229      MAX-ACCESS read-only
230      STATUS current
231      DESCRIPTION
232          "If the server has a persistent state (e.g., a
233          process), this value will be the time elapsed (in
234          hundredths of a second) since the server process was
235          started. For software without persistent state, this
236          value will be zero."
237      ::= {radiusAccServ 2}

239  radiusAccServResetTime OBJECT-TYPE
240      SYNTAX TimeTicks
241      MAX-ACCESS read-only
242      STATUS current
243      DESCRIPTION
244          "If the server has a persistent state (e.g., a process)
245          and supports a `reset' operation (e.g., can be told to
246          re-read configuration files), this value will be the
247          time elapsed (in hundredths of a second) since the
248          server was `reset.' For software that does not
249          have persistence or does not support a `reset'
250          operation, this value will be zero."
251      ::= {radiusAccServ 3}

253  radiusAccServConfigReset OBJECT-TYPE
254      SYNTAX INTEGER { other(1),
255                       reset(2),
256                       initializing(3),
257                       running(4)}
258      MAX-ACCESS read-write
259      STATUS current
260      DESCRIPTION
261          "Status/action object to reinitialize any persistent
262          server state. When set to reset(2), any persistent
263          server state (such as a process) is reinitialized as
264          if the server had just been started. This value will
265          never be returned by a read operation. When read,
266          one of the following values will be returned:
267              other(1) - server in some unknown state;
268              initializing(3) - server (re)initializing;
269              running(4) - server currently running."
270      ::= {radiusAccServ 4}

272  radiusAccServTotalRequests OBJECT-TYPE
273      SYNTAX Counter32
274      MAX-ACCESS read-only
275      STATUS current
276      DESCRIPTION
277          "The number of packets received on the
278          accounting port."
279      ::= { radiusAccServ 5 }

281  radiusAccServTotalInvalidRequests OBJECT-TYPE
282      SYNTAX Counter32
283      MAX-ACCESS read-only
284      STATUS current
285      DESCRIPTION
286          "The number of RADIUS Accounting-Request packets
287          received from unknown addresses."
288      ::= { radiusAccServ 6 }

290  radiusAccServTotalDupRequests OBJECT-TYPE
291      SYNTAX Counter32
292      MAX-ACCESS read-only
293      STATUS current
294      DESCRIPTION
295          "The number of duplicate RADIUS Accounting-Request
296          packets received."
297      ::= { radiusAccServ 7 }

299  radiusAccServTotalResponses OBJECT-TYPE
300      SYNTAX Counter32
301      MAX-ACCESS read-only
302      STATUS current
303      DESCRIPTION
304          "The number of RADIUS Accounting-Response packets
305          sent."
306      ::= { radiusAccServ 8 }

308  radiusAccServTotalMalformedRequests OBJECT-TYPE
309      SYNTAX Counter32
310      MAX-ACCESS read-only
311      STATUS current
312      DESCRIPTION
313          "The number of malformed RADIUS Accounting-Request
314          packets received. Bad authenticators or unknown
315          types are not included as malformed Access-Requests."
316      ::= { radiusAccServ 9 }

318  radiusAccServTotalBadAuthenticators OBJECT-TYPE
319      SYNTAX Counter32
320      MAX-ACCESS read-only
321      STATUS current
322      DESCRIPTION
323          "The number of RADIUS Accounting-Request packets
324          which contained invalid Signature attributes."
325      ::= { radiusAccServ 10 }

327  radiusAccServTotalPacketsDropped OBJECT-TYPE
328      SYNTAX Counter32
329      MAX-ACCESS read-only
330      STATUS current
331      DESCRIPTION
332          "The number of incoming packets silently discarded
333          for a reason other than malformed, bad authenticators,
334          or unknown types."
335      ::= { radiusAccServ 11 }

337  radiusAccServTotalNoRecords OBJECT-TYPE
338      SYNTAX Counter32
339      MAX-ACCESS read-only
340      STATUS current
341      DESCRIPTION
342          "The number of RADIUS Accounting-Request packets
343          which were received and responded to but not
344          recorded."
345      ::= { radiusAccServ 12 }

347  radiusAccServTotalUnknownTypes OBJECT-TYPE
348      SYNTAX Counter32
349      MAX-ACCESS read-only
350      STATUS current
351      DESCRIPTION
352          "The number of RADIUS packets of unknown type which
353          were received."
354      ::= { radiusAccServ 13 }

356  radiusAccClientTable OBJECT-TYPE
357      SYNTAX SEQUENCE OF RadiusAccClientEntry
358      MAX-ACCESS not-accessible
359      STATUS deprecated
360      DESCRIPTION
361          "The (conceptual) table listing the RADIUS accounting
362          clients with which the server shares a secret."
363      ::= { radiusAccServ 14 }

365  radiusAccClientEntry OBJECT-TYPE
366      SYNTAX RadiusAccClientEntry
367      MAX-ACCESS not-accessible
368      STATUS deprecated
369      DESCRIPTION
370          "An entry (conceptual row) representing a RADIUS
371          accounting client with which the server shares a
372          secret."
373      INDEX { radiusAccClientIndex }
374      ::= { radiusAccClientTable 1 }

376  RadiusAccClientEntry ::= SEQUENCE {
377      radiusAccClientIndex              Integer32,
378      radiusAccClientAddress            IpAddress,
379      radiusAccClientID                 SnmpAdminString,
380      radiusAccServPacketsDropped       Counter32,
381      radiusAccServRequests             Counter32,
382      radiusAccServDupRequests          Counter32,
383      radiusAccServResponses            Counter32,
384      radiusAccServBadAuthenticators    Counter32,
385      radiusAccServMalformedRequests    Counter32,
386      radiusAccServNoRecords            Counter32,
387      radiusAccServUnknownTypes         Counter32
388  }

390  radiusAccClientIndex OBJECT-TYPE
391      SYNTAX Integer32 (1..2147483647)
392      MAX-ACCESS not-accessible
393      STATUS deprecated
394      DESCRIPTION
395          "A number uniquely identifying each RADIUS accounting
396          client with which this server communicates."
397      ::= { radiusAccClientEntry 1 }

399  radiusAccClientAddress OBJECT-TYPE
400      SYNTAX IpAddress
401      MAX-ACCESS read-only
402      STATUS deprecated
403      DESCRIPTION
404          "The NAS-IP-Address of the RADIUS accounting client
405          referred to in this table entry."
406      ::= { radiusAccClientEntry 2 }

408  radiusAccClientID OBJECT-TYPE
409      SYNTAX SnmpAdminString
410      MAX-ACCESS read-only
411      STATUS deprecated
412      DESCRIPTION
413          "The NAS-Identifier of the RADIUS accounting client
414          referred to in this table entry. This is not
415          necessarily the same as sysName in MIB II."
416      ::= { radiusAccClientEntry 3 }

418  -- Server Counters
419  --
420  -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
421  -- UnknownTypes - PacketsDropped - Responses = Pending
422  --
423  -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
424  -- UnknownTypes - PacketsDropped - NoRecords = entries logged

426  radiusAccServPacketsDropped OBJECT-TYPE
427      SYNTAX Counter32
428      MAX-ACCESS read-only
429      STATUS deprecated
430      DESCRIPTION
431          "The number of incoming packets received
432          from this client and silently discarded
433          for a reason other than malformed, bad
434          authenticators, or unknown types."
435      ::= { radiusAccClientEntry 4 }

437  radiusAccServRequests OBJECT-TYPE
438      SYNTAX Counter32
439      MAX-ACCESS read-only
440      STATUS deprecated
441      DESCRIPTION
442          "The number of packets received from this
443          client on the accounting port."
444      ::= { radiusAccClientEntry 5 }

446  radiusAccServDupRequests OBJECT-TYPE
447      SYNTAX Counter32
448      MAX-ACCESS read-only
449      STATUS deprecated
450      DESCRIPTION
451          "The number of duplicate RADIUS Accounting-Request
452          packets received from this client."
453      ::= { radiusAccClientEntry 6 }

455  radiusAccServResponses OBJECT-TYPE
456      SYNTAX Counter32
457      MAX-ACCESS read-only
458      STATUS deprecated
459      DESCRIPTION
460          "The number of RADIUS Accounting-Response packets
461          sent to this client."
462      ::= { radiusAccClientEntry 7 }

464  radiusAccServBadAuthenticators OBJECT-TYPE
465      SYNTAX Counter32
466      MAX-ACCESS read-only
467      STATUS deprecated
468      DESCRIPTION
469          "The number of RADIUS Accounting-Request packets
470          which contained invalid authenticators received
471          from this client."
472      ::= { radiusAccClientEntry 8 }

474  radiusAccServMalformedRequests OBJECT-TYPE
475      SYNTAX Counter32
476      MAX-ACCESS read-only
477      STATUS deprecated
478      DESCRIPTION
479          "The number of malformed RADIUS Accounting-Request
480          packets which were received from this client.
481          Bad authenticators and unknown types
482          are not included as malformed Accounting-Requests."
483      ::= { radiusAccClientEntry 9 }

485  radiusAccServNoRecords OBJECT-TYPE
486      SYNTAX Counter32
487      MAX-ACCESS read-only
488      STATUS deprecated
489      DESCRIPTION
490          "The number of RADIUS Accounting-Request packets
491          which were received and responded to but not
492          recorded."
493      ::= { radiusAccClientEntry 10 }

495  radiusAccServUnknownTypes OBJECT-TYPE
496      SYNTAX Counter32
497      MAX-ACCESS read-only
498      STATUS deprecated
499      DESCRIPTION
500          "The number of RADIUS packets of unknown type which
501          were received from this client."
502      ::= { radiusAccClientEntry 11 }

504  -- Extended MIB Objects

506  radiusAccClientExtTable OBJECT-TYPE
507      SYNTAX SEQUENCE OF RadiusAccClientExtEntry
508      MAX-ACCESS not-accessible
509      STATUS current
510      DESCRIPTION
511          "The (conceptual) table listing the RADIUS accounting
512          clients with which the server shares a secret."
513      ::= { radiusAccServExt 1 }

515  radiusAccClientExtEntry OBJECT-TYPE
516      SYNTAX RadiusAccClientExtEntry
517      MAX-ACCESS not-accessible
518      STATUS current
519      DESCRIPTION
520          "An entry (conceptual row) representing a RADIUS
521          accounting client with which the server shares a
522          secret."
523      INDEX { radiusAccClientExtIndex }
524      ::= { radiusAccClientExtTable 1 }

526  RadiusAccClientExtEntry ::= SEQUENCE {
527      radiusAccClientExtIndex              Integer32,
528      radiusAccClientInetAddressType       InetAddressType,
529      radiusAccClientInetAddress           InetAddress,
530      radiusAccClientExtID                 SnmpAdminString,
531      radiusAccServExtPacketsDropped       Counter32,
532      radiusAccServExtRequests             Counter32,
533      radiusAccServExtDupRequests          Counter32,
534      radiusAccServExtResponses            Counter32,
535      radiusAccServExtBadAuthenticators    Counter32,
536      radiusAccServExtMalformedRequests    Counter32,
537      radiusAccServExtNoRecords            Counter32,
538      radiusAccServExtUnknownTypes         Counter32
539  }

541  radiusAccClientExtIndex OBJECT-TYPE
542      SYNTAX Integer32 (1..2147483647)
543      MAX-ACCESS not-accessible
544      STATUS current
545      DESCRIPTION
546          "A number uniquely identifying each RADIUS accounting
547          client with which this server communicates."
548      ::= { radiusAccClientExtEntry 1 }

550  radiusAccClientInetAddressType OBJECT-TYPE
551      SYNTAX InetAddressType
552      MAX-ACCESS read-only
553      STATUS current
554      DESCRIPTION
555          "The type of address format used for the
556          radiusAccClientInetAddress object."
557      ::= { radiusAccClientExtEntry 2 }

559  radiusAccClientInetAddress OBJECT-TYPE
560      SYNTAX InetAddress
561      MAX-ACCESS read-only
562      STATUS current
563      DESCRIPTION
564          "The IP address of the RADIUS accounting
565          client referred to in this table entry, using
566          the IPv6 address format."
567      ::= { radiusAccClientExtEntry 3 }

569  radiusAccClientExtID OBJECT-TYPE
570      SYNTAX SnmpAdminString
571      MAX-ACCESS read-only
572      STATUS current
573      DESCRIPTION
574          "The NAS-Identifier of the RADIUS accounting client
575          referred to in this table entry. This is not
576          necessarily the same as sysName in MIB II."
577      ::= { radiusAccClientExtEntry 4 }

579  -- Server Counters
580  --
581  -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
582  -- UnknownTypes - PacketsDropped - Responses = Pending
583  --
584  -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
585  -- UnknownTypes - PacketsDropped - NoRecords = entries logged

587  radiusAccServExtPacketsDropped OBJECT-TYPE
588      SYNTAX Counter32
589      MAX-ACCESS read-only
590      STATUS current
591      DESCRIPTION
592          "The number of incoming packets received
593          from this client and silently discarded
594          for a reason other than malformed, bad
595          authenticators, or unknown types."
596      ::= { radiusAccClientExtEntry 5 }

598  radiusAccServExtRequests OBJECT-TYPE
599      SYNTAX Counter32
600      MAX-ACCESS read-only
601      STATUS current
602      DESCRIPTION
603          "The number of packets received from this
604          client on the accounting port."
605      ::= { radiusAccClientExtEntry 6 }

607  radiusAccServExtDupRequests OBJECT-TYPE
608      SYNTAX Counter32
609      MAX-ACCESS read-only
610      STATUS current
611      DESCRIPTION
612          "The number of duplicate RADIUS Accounting-Request
613          packets received from this client."
614      ::= { radiusAccClientExtEntry 7 }

616  radiusAccServExtResponses OBJECT-TYPE
617      SYNTAX Counter32
618      MAX-ACCESS read-only
619      STATUS current
620      DESCRIPTION
621          "The number of RADIUS Accounting-Response packets
622          sent to this client."
623      ::= { radiusAccClientExtEntry 8 }

625  radiusAccServExtBadAuthenticators OBJECT-TYPE
626      SYNTAX Counter32
627      MAX-ACCESS read-only
628      STATUS current
629      DESCRIPTION
630          "The number of RADIUS Accounting-Request packets
631          which contained invalid authenticators received
632          from this client."
633      ::= { radiusAccClientExtEntry 9 }

635  radiusAccServExtMalformedRequests OBJECT-TYPE
636      SYNTAX Counter32
637      MAX-ACCESS read-only
638      STATUS current
639      DESCRIPTION
640          "The number of malformed RADIUS Accounting-Request
641          packets which were received from this client.
642          Bad authenticators and unknown types
643          are not included as malformed Accounting-Requests."
644      ::= { radiusAccClientExtEntry 10 }

646  radiusAccServExtNoRecords OBJECT-TYPE
647      SYNTAX Counter32
648      MAX-ACCESS read-only
649      STATUS current
650      DESCRIPTION
651          "The number of RADIUS Accounting-Request packets
652          which were received and responded to but not
653          recorded."
654      ::= { radiusAccClientExtEntry 11 }

656  radiusAccServExtUnknownTypes OBJECT-TYPE
657      SYNTAX Counter32
658      MAX-ACCESS read-only
659      STATUS current
660      DESCRIPTION
661          "The number of RADIUS packets of unknown type which
662          were received from this client."
663      ::= { radiusAccClientExtEntry 12 }

665  -- conformance information

667  radiusAccServMIBConformance OBJECT IDENTIFIER
668      ::= { radiusAccServMIB 2 }

670  radiusAccServMIBCompliances OBJECT IDENTIFIER
671      ::= { radiusAccServMIBConformance 1 }

673  radiusAccServMIBGroups OBJECT IDENTIFIER
674      ::= { radiusAccServMIBConformance 2 }

676  radiusAccServExtMIBConformance OBJECT IDENTIFIER
677      ::= { radiusAccServExtMIB 2 }

679  radiusAccServExtMIBCompliances OBJECT IDENTIFIER
680      ::= { radiusAccServExtMIBConformance 1 }

682  radiusAccServExtMIBGroups OBJECT IDENTIFIER
683      ::= { radiusAccServExtMIBConformance 2 }

685  -- compliance statements

687  radiusAccServMIBCompliance MODULE-COMPLIANCE
688      STATUS deprecated
689      DESCRIPTION
690          "The compliance statement for accounting servers
691          implementing the RADIUS Accounting Server MIB."
692      MODULE -- this module
693      MANDATORY-GROUPS { radiusAccServMIBGroup }

695      OBJECT radiusAccServConfigReset
696      WRITE-SYNTAX INTEGER { reset(2) }
697      DESCRIPTION "The only SETable value is 'reset' (2)."

699      ::= { radiusAccServMIBCompliances 1 }

701  radiusAccServExtMIBCompliance MODULE-COMPLIANCE
702      STATUS current
703      DESCRIPTION
704          "The compliance statement for accounting servers
705          implementing the RADIUS Accounting Server MIB."
706      MODULE -- this module
707      MANDATORY-GROUPS { radiusAccServExtMIBGroup }

709      OBJECT radiusAccServConfigReset
710      WRITE-SYNTAX INTEGER { reset(2) }
711      DESCRIPTION "The only SETable value is 'reset' (2)."

713      ::= { radiusAccServExtMIBCompliances 1 }

715  -- units of conformance

717  radiusAccServMIBGroup OBJECT-GROUP
718      OBJECTS {radiusAccServIdent,
719               radiusAccServUpTime,
720               radiusAccServResetTime,
721               radiusAccServConfigReset,
722               radiusAccServTotalRequests,
723               radiusAccServTotalInvalidRequests,
724               radiusAccServTotalDupRequests,
725               radiusAccServTotalResponses,
726               radiusAccServTotalMalformedRequests,
727               radiusAccServTotalBadAuthenticators,
728               radiusAccServTotalPacketsDropped,
729               radiusAccServTotalNoRecords,
730               radiusAccServTotalUnknownTypes,
731               radiusAccClientAddress,
732               radiusAccClientID,
733               radiusAccServPacketsDropped,
734               radiusAccServRequests,
735               radiusAccServDupRequests,
736               radiusAccServResponses,
737               radiusAccServBadAuthenticators,
738               radiusAccServMalformedRequests,
739               radiusAccServNoRecords,
740               radiusAccServUnknownTypes
741              }
742      STATUS deprecated
743      DESCRIPTION
744          "The collection of objects providing management of
745          a RADIUS Accounting Server."
746      ::= { radiusAccServMIBGroups 1 }

748  radiusAccServExtMIBGroup OBJECT-GROUP
749      OBJECTS {radiusAccServIdent,
750               radiusAccServUpTime,
751               radiusAccServResetTime,
752               radiusAccServConfigReset,
753               radiusAccServTotalRequests,
754               radiusAccServTotalInvalidRequests,
755               radiusAccServTotalDupRequests,
756               radiusAccServTotalResponses,
757               radiusAccServTotalMalformedRequests,
758               radiusAccServTotalBadAuthenticators,
759               radiusAccServTotalPacketsDropped,
760               radiusAccServTotalNoRecords,
761               radiusAccServTotalUnknownTypes,
762               radiusAccClientInetAddressType,
763               radiusAccClientInetAddress,
764               radiusAccClientExtID,
765               radiusAccServExtPacketsDropped,
766               radiusAccServExtRequests,
767               radiusAccServExtDupRequests,
768               radiusAccServExtResponses,
769               radiusAccServExtBadAuthenticators,
770               radiusAccServExtMalformedRequests,
771               radiusAccServExtNoRecords,
772               radiusAccServExtUnknownTypes
773              }
774      STATUS current
775      DESCRIPTION
776          "The collection of objects providing management of
777          a RADIUS Accounting Server."
778      ::= { radiusAccServExtMIBGroups 1 }

780  END

782  8. IANA Considerations

784     This document requires IANA assignment of a number in the MIB-2 OID
785     number space.

787  9. Security Considerations

789     There are no management objects defined in this MIB that have a MAX-
790     ACCESS clause of read-write and/or read-create. So, if this MIB is
791     implemented correctly, then there is no risk that an intruder can
792     alter or create any management objects of this MIB via direct SNMP
793     SET operations.

795     There are a number of managed objects in this MIB that may contain
796     sensitive information. These are:

798     radiusAccClientIPAddress  This can be used to determine the address of
799        the RADIUS accounting client with which the server is
800        communicating. This information could be useful in mounting an
801        attack on the accounting client.
802     radiusAccClientInetAddress  This can be used to determine the address
803        of the RADIUS accounting client with which the server is
804        communicating. This information could be useful in mounting an
805        attack on the accounting client.

807     It is thus important to control even GET access to these objects and
808     possibly to even encrypt the values of these objects when sending them
809     over the network via SNMP. Not all versions of SNMP provide features
810     for such a secure environment.

812     SNMP versions prior to SNMPv3 do not provide a secure environment.
813     Even if the network itself is secure (for example by using IPSec),
814     there is no control as to who on the secure network is allowed to
815     access and GET/SET (read/change/create/delete) the objects in this
816     MIB.

818     It is recommended that the implementers consider the security
819     features as provided by the SNMPv3 framework. Specifically, the use
820     of the User-based Security Model [RFC2574] and the View-based Access
821     Control Model [RFC2575] is recommended. Using these security
822     features, customer/users can give access to the objects only to those
823     principals (users) that have legitimate rights to GET or SET (change/
824     create/delete) them.

826  10. References

828  10.1. Normative References

830     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
831                Requirement Levels", BCP 14, RFC 2119, March 1997.

833     [RFC2574]  Blumenthal, U. and B. Wijnen, "User-based Security Model
834                (USM) for version 3 of the Simple Network Management
835                Protocol (SNMPv3)", RFC 2574, April 1999.

837     [RFC2575]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
838                Access Control Model (VACM) for the Simple Network
839                Management Protocol (SNMP)", RFC 2575, April 1999.

841     [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
842                Schoenwaelder, Ed., "Structure of Management Information
843                Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

845     [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
846                Schoenwaelder, Ed., "Textual Conventions for SMIv2",
847                STD 58, RFC 2579, April 1999.

849     [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
850                "Conformance Statements for SMIv2", STD 58, RFC 2580,
851                April 1999.

853     [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
854                "Introduction and Applicability Statements for Internet-
855                Standard Management Framework", RFC 3410, December 2002.

857     [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
858                Simple Network Management Protocol (SNMP)", STD 62,
859                RFC 3418, December 2002.

861     [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
863                Schoenwaelder, "Textual Conventions for Internet Network
864                Addresses", RFC 4001, February 2005.

866  10.2. Informative References

868     [RFC2621]  Zorn, G. and B. Aboba, "RADIUS Accounting Server MIB",
869                RFC 2621, June 1999.

871     [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

873  Appendix A. Acknowledgments

875     The Authors of the original MIB are Bernard Aboba and Glen Zorn.

877     Many thanks to all reviewers, especially to Dave Harrington, Dan
878     Romascanu, C.M. Heard, Bruno Pape and Greg Weber.

880  Author's Address

882     David B. Nelson
883     Enterasys Networks
884     50 Minuteman Road
885     Andover, MA 01810
886     USA

888     Email: dnelson@enterasys.com

890  Intellectual Property Statement

892     The IETF takes no position regarding the validity or scope of any
893     Intellectual Property Rights or other rights that might be claimed to
894     pertain to the implementation or use of the technology described in
895     this document or the extent to which any license under such rights
896     might or might not be available; nor does it represent that it has
897     made any independent effort to identify any such rights. Information
898     on the procedures with respect to rights in RFC documents can be
899     found in BCP 78 and BCP 79.

901     Copies of IPR disclosures made to the IETF Secretariat and any
902     assurances of licenses to be made available, or the result of an
903     attempt made to obtain a general license or permission for the use of
904     such proprietary rights by implementers or users of this
905     specification can be obtained from the IETF on-line IPR repository at
906     http://www.ietf.org/ipr.

908     The IETF invites any interested party to bring to its attention any
909     copyrights, patents or patent applications, or other proprietary
910     rights that may cover technology that may be required to implement
911     this standard. Please address the information to the IETF at
912     ietf-ipr@ietf.org.

914  Disclaimer of Validity

916     This document and the information contained herein are provided on an
917     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
918     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
919     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
920     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
921     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
922     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

924  Copyright Statement

926     Copyright (C) The Internet Society (2005). This document is subject
927     to the rights, licenses and restrictions contained in BCP 78, and
928     except as set forth therein, the authors retain all their rights.

930  Acknowledgment

932     Funding for the RFC Editor function is currently provided by the
933     Internet Society.
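
Added example (not part of the draft or of any RADIUS implementation): Section 9 says no object in this MIB has a MAX-ACCESS of read-write, yet Section 7 defines radiusAccServConfigReset as read-write, so it is worth auditing the module text itself before writing a VACM view. The Python below parses a trimmed copy of the Section 7 definitions, resolves OIDs, lists SET-able objects and readable address columns, and emits `view` lines in net-snmp's snmpd.conf syntax; the view name `radiusOps` and the choice of net-snmp are assumptions.

```python
import re

# Trimmed copy of definitions from Section 7 (DESCRIPTION and STATUS omitted).
MIB_EXCERPT = """
radiusMIB OBJECT-IDENTITY ::= { mib-2 67 }
radiusAccServExtMIB OBJECT-IDENTITY ::= { mib-2 TBA }
radiusAccounting OBJECT IDENTIFIER ::= {radiusMIB 2}
radiusAccServMIB MODULE-IDENTITY ::= { radiusAccounting 1 }
radiusAccServMIBObjects OBJECT IDENTIFIER ::= { radiusAccServMIB 1 }
radiusAccServExtMIBObjects OBJECT IDENTIFIER ::= { radiusAccServExtMIB 1 }
radiusAccServ OBJECT IDENTIFIER ::= { radiusAccServMIBObjects 1 }
radiusAccServExt OBJECT IDENTIFIER ::= { radiusAccServExtMIBObjects 1 }
radiusAccServConfigReset OBJECT-TYPE
    SYNTAX INTEGER { other(1), reset(2), initializing(3), running(4)}
    MAX-ACCESS read-write
    ::= {radiusAccServ 4}
radiusAccClientTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RadiusAccClientEntry
    MAX-ACCESS not-accessible
    ::= { radiusAccServ 14 }
radiusAccClientEntry OBJECT-TYPE
    SYNTAX RadiusAccClientEntry
    MAX-ACCESS not-accessible
    INDEX { radiusAccClientIndex }
    ::= { radiusAccClientTable 1 }
radiusAccClientAddress OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-only
    ::= { radiusAccClientEntry 2 }
radiusAccClientExtTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RadiusAccClientExtEntry
    MAX-ACCESS not-accessible
    ::= { radiusAccServExt 1 }
radiusAccClientExtEntry OBJECT-TYPE
    SYNTAX RadiusAccClientExtEntry
    MAX-ACCESS not-accessible
    INDEX { radiusAccClientExtIndex }
    ::= { radiusAccClientExtTable 1 }
radiusAccClientInetAddress OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS read-only
    ::= { radiusAccClientExtEntry 3 }
"""

# name, macro keyword, clause body, then the '::= { parent sub }' assignment
DEF_RE = re.compile(
    r"^(\w+)\s+(?:OBJECT-TYPE|OBJECT-IDENTITY|MODULE-IDENTITY|OBJECT IDENTIFIER)\b"
    r"(.*?)::=\s*\{\s*([\w-]+)\s+(\w+)\s*\}", re.DOTALL | re.MULTILINE)
ROOTS = {"mib-2": "1.3.6.1.2.1"}  # well-known arc imported from SNMPv2-SMI
WRITABLE = {"read-write", "read-create"}
ADDRESS_SYNTAX = {"IpAddress", "InetAddress"}

def parse(text):
    """Map each defined name to its parent, sub-identifier, access and syntax."""
    objs = {}
    for name, body, parent, sub in DEF_RE.findall(text):
        access = re.search(r"MAX-ACCESS\s+([\w-]+)", body)
        syntax = re.search(r"SYNTAX\s+(\w+)", body)
        objs[name] = {"parent": parent, "sub": sub,
                      "access": access.group(1) if access else None,
                      "syntax": syntax.group(1) if syntax else None}
    return objs

def resolve(name, objs):
    """Return the dotted OID, or None when any arc is still a placeholder."""
    if name in ROOTS:
        return ROOTS[name]
    node = objs.get(name)
    if node is None or not node["sub"].isdigit():
        return None  # e.g. '{ mib-2 TBA }', pending IANA assignment
    parent = resolve(node["parent"], objs)
    return None if parent is None else f"{parent}.{node['sub']}"

def audit(objs):
    """List SET-able objects and readable address columns with their OIDs."""
    writable = [(n, resolve(n, objs)) for n, o in objs.items()
                if o["access"] in WRITABLE]
    addresses = [(n, resolve(n, objs)) for n, o in objs.items()
                 if o["syntax"] in ADDRESS_SYNTAX
                 and o["access"] != "not-accessible"]
    return writable, addresses

def view_lines(view, objs):
    """Emit snmpd.conf 'view' directives that hide the address columns."""
    lines = [f"view {view} included .{resolve('radiusMIB', objs)}"]
    for name, oid in audit(objs)[1]:
        if oid is None:
            lines.append(f"# {name}: OID pending IANA assignment (TBA in the draft)")
        else:
            lines.append(f"view {view} excluded .{oid}")
    return lines

OBJECTS = parse(MIB_EXCERPT)

if __name__ == "__main__":
    for name, oid in audit(OBJECTS)[0]:
        print("writable:", name, oid)
    print("\n".join(view_lines("radiusOps", OBJECTS)))
```

Objects under radiusAccServExtMIB cannot be placed in a numeric view until the TBA arc is assigned, which is why the audit reports them by name only.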
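
Added example (not from the draft): the "Server Counters" comments in Section 7 give two identities over the per-client counters, and the Python below applies them to two polls of radiusAccClientExtTable rows, working modulo 2^32 so that a wrapped Counter32 does not distort the result. The sample rows, the thresholds `max_bad_ratio` and `max_pending`, and the finding labels are constructed for illustration.

```python
MOD = 2 ** 32  # a Counter32 wraps to 0 after 4294967295

# Short names for the radiusAccServExt* columns, in the order used by the
# "Server Counters" comment in Section 7.
COLUMNS = ("Requests", "DupRequests", "BadAuthenticators", "MalformedRequests",
           "UnknownTypes", "PacketsDropped", "Responses", "NoRecords")
REJECTED = COLUMNS[1:6]  # the five terms both identities subtract from Requests

def row(*values):
    """Build one client row from values given in COLUMNS order."""
    return dict(zip(COLUMNS, values))

def derive(r):
    """Apply both Section 7 identities to one row of absolute counters.

    Working modulo 2**32 keeps the result right after any counter has
    wrapped, as long as the true result itself is below 2**32.
    """
    base = r["Requests"] - sum(r[c] for c in REJECTED)
    return {"pending": (base - r["Responses"]) % MOD,
            "logged": (base - r["NoRecords"]) % MOD}

def interval(prev, curr):
    """Per-column increase between two polls of the same row, wrap-safe."""
    return {c: (curr[c] - prev[c]) % MOD for c in COLUMNS}

def review(prev_table, curr_table, max_bad_ratio=0.05, max_pending=100):
    """Return (client index, finding, value) tuples for rows worth a look."""
    findings = []
    for client, curr in curr_table.items():
        prev = prev_table.get(client)
        if prev is None:
            continue  # new row, no baseline to compare against yet
        d = interval(prev, curr)
        # Invalid authenticators point at a shared-secret mismatch or at
        # packets not produced by the configured client.
        if d["Requests"] and d["BadAuthenticators"] / d["Requests"] > max_bad_ratio:
            findings.append((client, "bad-authenticators", d["BadAuthenticators"]))
        pending = derive(curr)["pending"]
        if pending > max_pending:
            findings.append((client, "pending-backlog", pending))
    return findings

# Constructed polls, keyed by radiusAccClientExtIndex.
PREV = {1: row(1000, 10, 0, 0, 0, 0, 990, 0),
        2: row(500, 0, 2, 0, 0, 0, 498, 0),
        3: row(4294967200, 0, 0, 0, 0, 0, 4294967190, 0)}
CURR = {1: row(1200, 12, 1, 0, 0, 0, 1185, 0),
        2: row(900, 0, 302, 0, 0, 0, 598, 0),
        3: row(104, 0, 0, 0, 0, 0, 4294967290, 0)}  # Requests has wrapped

if __name__ == "__main__":
    for finding in review(PREV, CURR):
        print(finding)
```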